matchms

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Risk Category: COMMAND_EXECUTION
Full Analysis
  • [Dynamic Execution] (MEDIUM): The skill documentation explicitly lists 'Pickle (Python serialization)' as a supported data format for importing and exporting mass spectrometry data.
      • Evidence: Found in the 'Supported formats' list within the Importing and Exporting section of SKILL.md.
      • Risk: Python's pickle module is not safe for untrusted input. Deserializing an untrusted pickle file can execute arbitrary code within the agent's environment.
  • [Indirect Prompt Injection] (LOW): The skill exposes a significant attack surface for indirect prompt injection through ingestion of external scientific data files.
      • Ingestion points: Functions such as load_from_mgf, load_from_mzml, load_from_msp, and load_from_json read data from external files.
      • Boundary markers: The processing logic contains no delimiters around ingested content and no instructions to ignore embedded commands.
      • Capability inventory: The skill includes file-writing capabilities (save_as_...) and potential code execution via the pickle support noted above.
      • Sanitization: There is no evidence of sanitization or validation of metadata fields, which could carry malicious instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:48 PM